AssessKitAssessKit

Privacy Policy

Last updated: March 2026

AssessKit is operated by Crocker Digital Ltd (Company No. 17008789), a company registered in England and Wales. We are the data controller for the personal data described in this policy.

Disclaimer: This document is provided for informational purposes and does not constitute legal advice. You should consult a qualified solicitor if you require formal legal guidance regarding your data protection rights or obligations.

1. What This Policy Covers

This policy explains what personal data we collect, why we collect it, how we use it, and what rights you have. It applies to all users of the AssessKit service at assesskit.co.uk.

2. Lawful Basis for Processing

We process your personal data on the basis of contract — it is necessary for us to process your data in order to provide you with the AssessKit service that you have signed up for.

Where we send you marketing communications (which we do not do by default), we rely on your consent, which you may withdraw at any time.

3. What Data We Collect

3.1 Account Information

  • Your name
  • Your email address
  • Your password (stored as a secure hash — we never store plain-text passwords)

3.2 Organisation Details

  • Organisation or company name
  • Business address
  • Contact details

3.3 Assessment Data

This is data you enter into AssessKit as part of your fire risk assessment work:

  • Building and site addresses
  • Client names and contact details
  • Assessment findings, observations, and recommended actions
  • Uploaded photographs
  • Generated assessment reports

3.4 Billing Data

  • Billing name and address
  • Payment history and subscription status
  • Payment processing is handled by Stripe. We do not store your card number, expiry date, or CVC. This data is held directly by Stripe. See Stripe's privacy policy for details.

3.5 Technical Data

  • Authentication session data (used to keep you logged in)
  • Basic analytics data collected by GoatCounter (page views only — see Section 7)

3.6 What We Do Not Collect

  • We do not knowingly collect special category data (as defined by UK GDPR), such as health data, biometric data, or data about racial or ethnic origin.
  • We do not collect data from children. AssessKit is intended for use by professionals aged 18 and over.

4. How We Use Your Data

We use your data to:

  • Provide and operate the AssessKit service
  • Authenticate you and keep your account secure
  • Process your subscription payments (via Stripe)
  • Send you transactional emails relating to your account (via Resend) — for example, password resets and billing confirmations
  • Understand how the service is used in aggregate (via GoatCounter analytics)
  • Respond to support requests

We do not:

  • Sell your data to third parties
  • Use your data for advertising
  • Send you marketing emails without your explicit consent
  • Use your assessment data for any purpose other than providing the service to you

5. Sub-processors

We use a limited number of third-party service providers (sub-processors) to help us deliver AssessKit. These providers process data on our behalf and under our instructions.

A full list of our sub-processors, including what data they process and where they are located, is available in our Sub-processors List.

6. Data Retention

  • Active accounts: Your data is retained for as long as your account is active.
  • After cancellation: Your account enters a 30-day read-only grace period. After this period, your account is deactivated.
  • On deletion request: All your data is deleted within 30 days of a confirmed deletion request (hard delete).
  • Billing records: Retained by Stripe in accordance with UK tax law requirements (up to 6 years).
  • Audit logs and anonymised analytics: Retained for up to 24 months.

Full details are available in our Retention and Deletion Policy.

7. Cookies

AssessKit uses only essential cookies for authentication session management (keeping you logged in). We do not use tracking cookies, advertising cookies, or any non-essential cookies.

Our analytics provider, GoatCounter, is cookieless and does not set any cookies or track individual users.

Because we only use essential cookies, no cookie consent banner is required under UK GDPR and the Privacy and Electronic Communications Regulations (PECR).

Full details are available in our Cookie Policy.

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

8.1 Right of Access

You can access your data at any time through the AssessKit application. We also provide a data export feature so you can download your data.

8.2 Right to Rectification

You can update or correct your account information and assessment data directly within the application. If you need help, contact us at privacy@assesskit.co.uk.

8.3 Right to Erasure

You can request deletion of your account and all associated data. You can do this through the in-app account deletion feature or by emailing privacy@assesskit.co.uk. Deletion will be completed within 30 days.

8.4 Right to Data Portability

You can export your data in CSV format using the export features within AssessKit. Generated reports can be downloaded directly.

8.5 Right to Object

You may object to processing where we rely on legitimate interests. As we primarily process data under the contract basis, this is unlikely to apply, but please contact us if you have concerns.

8.6 Right to Withdraw Consent

Where we process data based on your consent (for example, marketing emails), you can withdraw that consent at any time.

9. Marketing

We do not send marketing emails without your explicit consent. Transactional emails (account notifications, billing confirmations, password resets) are not marketing and are sent as part of delivering the service.

If you have opted in to marketing communications and wish to opt out, you can do so at any time by using the unsubscribe link in any marketing email or by contacting us at privacy@assesskit.co.uk.

10. Data Security

We take reasonable measures to protect your data. Details of our security practices are available in our Security Policy.

11. International Data Transfers

Some of our sub-processors are based outside the UK (primarily in the US and EU). Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions. See our Sub-processors List for specific locations.

12. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email or through the application. The "Last updated" date at the top of this page will always reflect the most recent version.

13. Complaints

If you are unhappy with how we have handled your data, please contact us first at privacy@assesskit.co.uk and we will do our best to resolve the matter.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

14. Contact Us

For any questions or requests regarding your personal data, contact us at: